The use of honeypots and honey tokens is fairly widespread in the field of network security. The term honeypot is commonly used to refer to a trap set to detect, deflect, or counteract attempts at unauthorized or malicious use of information systems. Generally, a honeypot can be a decoy server or end station that appears to be part of a network and to contain information or a resource of value to attackers, but is actually isolated and monitored. Honeypots allow system operators to learn how attackers probe and attempt to gain access to end stations, and can also be used to gather evidence to assist in the apprehension or prosecution of attackers.
Similarly, the term “honey token” (or honeytoken) can be used to refer to honeypots that are not servers or end stations. Instead, honey tokens are typically pieces of information placed within a server or server end station that are typically easy to detect when used, but rarely (if ever) used by an authorized user. For example, a honey token could be a user account that is not actually assigned to or used by any authorized user, or a database entry that would typically only be selected by a malicious query. Accordingly, a security compromise (i.e., a data breach) can be identified when a honey token is detected as being used. For example, upon an attempted or actual use of the user account honey token (e.g., an attempt to log on to a server), or an attempted or actual access of the database entry including a honey token, an alarm can be issued to indicate the compromise.
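The alarm behaviour described above can be sketched as detection logic over event logs. This is an added illustration, not part of the original text; the decoy account name, the decoy record ID, the JSON event fields and the sample log lines are all constructed assumptions.

```python
import json
from dataclasses import dataclass

# Assumed honey tokens (constructed): a decoy account that no authorized user
# owns, and a decoy record ID that no legitimate query should select.
HONEY_ACCOUNTS = {"svc_backup_old"}
HONEY_RECORD_IDS = {"cust-000417"}

@dataclass(frozen=True)
class Alert:
    kind: str      # "account" or "db_record"
    token: str     # which honey token was touched
    source: str    # where the use came from
    outcome: str   # logon result, or "returned" for a database read

def detect(events):
    """Return an Alert for every attempted or actual use of a honey token."""
    alerts = []
    for line in events:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        if not isinstance(ev, dict):
            continue
        src = ev.get("src", "unknown")
        if ev.get("type") == "logon":
            # Normalize case and whitespace so trivial variations still match.
            user = str(ev.get("user", "")).strip().lower()
            if user in HONEY_ACCOUNTS:
                # A failed logon is reported too: the attempt alone is the signal.
                alerts.append(Alert("account", user, src, ev.get("result", "unknown")))
        elif ev.get("type") == "db_read":
            for rid in ev.get("record_ids", []):
                if rid in HONEY_RECORD_IDS:
                    alerts.append(Alert("db_record", rid, src, "returned"))
    return alerts

# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    '{"type":"logon","user":"alice","src":"10.0.0.5","result":"success"}',
    '{"type":"logon","user":"SVC_Backup_Old","src":"203.0.113.7","result":"failure"}',
    '{"type":"db_read","src":"10.0.0.9","record_ids":["cust-000101","cust-000102"]}',
    '{"type":"db_read","src":"203.0.113.7","record_ids":["cust-000416","cust-000417"]}',
    'not json',
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Because no authorized user ever touches either token, every alert is worth investigating, and the shared source address across the two alerts links the logon attempt to the database read.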
However, as organizations have begun providing mobile end stations and/or allowing employee-owned mobile end stations (such as cellular phones or tablet computers) to be used for organizational business, the resultant mobility of such mobile end stations has led to further security vulnerabilities for the enterprise. For example, individuals often lose personal or enterprise-provided mobile phones, thereby exposing organizational resources (e.g., email, documents, credentials) to exploitation by an attacker. Such scenarios can be especially problematic when a lost or compromised mobile end station is not managed by the enterprise—such as a personal cell phone of an employee—as the organization may not have the ability to control, protect, or secure the end station or the resources available thereon. Additionally, because unmanaged end stations are not under the control or watch of the enterprise, a one-time or continual compromise of an unmanaged client end station (e.g., via installed malware) may not even be detected by the user or enterprise, thus weakening the enterprise's ability to protect its resources. Accordingly, illegal data access originating from compromised end stations has become one of the most prominent information threats that organizations face today.
Accordingly, improved techniques for enhancing an organization's security, especially with regard to unmanaged client end stations such as mobile devices, are desired.